On Fri, 2009-06-26 at 21:06 -0400, Charles Gregory wrote: > On Fri, 26 Jun 2009, LuKreme wrote: > >> > See, it all comes down to what you think 'legitimate' is. > >> The recipient wants the e-mail. DUH. > > That's not my definition at all.... > > The very reason for my posting. You need not repeat yourself. > > > ..... it's not even the definition of any mailadmin I've ever met. We > > reject mail users *want* all the time. It's our job. There is some mileage in that. Inappropriate use by staff mailing massive, unnecessary attachments around is once such policy. The recipients may well *want* these - but policies are often in place to limit them. > That got a genuine laugh.... Sounds like something out of the BOFH series. > > > Nope, sometimes people WANT email that is laden down with malware, > > viruses, executable files, web bugs, or other things that compromise the > > security of not just themselves, but of others. Yep - I've had users call up asking why they have not had a email with a file attachment they are expecting. You tell them "It has a virus" or "It is not company policy to accept executable files by email" but do they stop there. Oh no. They get the sender to try and forward it via Hotmail or to a webmail account. When that blocks it too, you see the sender try again - this time zipping it up and crap. So yes - there are occasions when mailadmins block mail that recipients want and it is correct to do so.
The thread has drifted and seems to be starting to take on the roll of the Oxford English Dictionary of IT related Words. Legitimate mail? Just what is it? One man's legitimate is another man's illegitimate. One man's spam is another man's ham. I apply a simple formula. Legitimate mail comes from mail servers running on static IP's. These will not fall in a range assigned as Dynamic. They will not be listed in the PBL. The connecting IP will have - as a minimum - a PTR record. The contents of which I'm not fussed about - it just needs to exist. That will have me at least happy to 'listen' to what that server has to say before making a decision on the mail it is sending. I've dealt with small African businesses out in the bush operating mail servers over miles of knackered telephone lines on modems, and even they can manage to satisfy such basic requirements. If any other mail admin is not capable of doing this then I don't want a connection from them (I probably would not want them working for my organisation either - not if I relied on email for my business). Email has some similarities to snail mail. The onus is on the sender to ship it correctly and NOT on the recipient. The sender must package and address it correctly, put the right postage on it, and send it from the correct place if you want delivery attempted on time or at all. You would not expect your snail mail to be collected from a trash can and delivered, you would use a defined mail box or post office. Legitimate mail to me comes from a legitimate server as above. It's content will then be; 1. A reply to a mail we have sent 2. An order, enquiry or quote 3. A staff message or memo 4. A request for help There may be a few others, but legitimate mail will not generally be; 1. Someone trying to sell us something 2. Notifications of 'Special Offers' 3. Catch up mails from people we once bought a pencil from 4. From gmail, yahoo or hotmail. By far all I ever see from these providers is Spam. If someone really does *not* have access to any other form of email they can pick up the phone and call us and we can exempt them. I've yet to find a legitimate business use any of them as their primary email provider. Postini customers are also pushing their luck with the way the sending server never sends a 'QUIT' on the end of the session. This kind of sloppy crap is a different story but is mentioned to show that even so called professional email organisations can be sloppy and not do things as they should. Finally - and this is the point where it is specifically relevant to Spamassassin - it won't trip a set score in SA. There is no need for legitimate mail to score high with SA. That's my take on it and it works for us. We get the odd gripe from managers called 'Steve' and 'Barry' that they have not had the 200 meg of pictures from the weekend party. You know the kind - the self important 'rules are not relevant to me' kind. It is usually sufficient to remind them of the acceptable usage policy and that we are overstaffed.
